在除1之外的所有页面上强制使用https和www

时间:2018-02-13 16:55:01

标签: .htaccess

我们的网站上有软件,可以让我们向会员发送短信。该软件与第三方api通信,并将传送报告传送回站点。此交付报告特别需要http://www。发送报告的网址是

RewriteEngine On

RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# force https:// for all except some selected URLs    
RewriteCond %{HTTPS} off
RewriteCond %{THE_REQUEST} !/index.php?option=com_acysms&ctrl=deliveryreport&gateway=telerivet&pass=S6fd65thisisafakepasswordstring/ [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# force http:// for selected URLs
RewriteCond %{HTTPS} on
RewriteCond %{THE_REQUEST} /index.php?option=com_acysms&ctrl=deliveryreport&gateway=telerivet&pass=S6fd65thisisafakepasswordstring/ [NC]
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

目前,我在.htaccess中使用此页面将所有页面重定向到https://www 

setInterval

正如您所看到的,我正在尝试从强制https://www协议中排除相关页面。它不起作用。我的所有搜索都涉及https或www,但不是两者。感谢您的任何帮助。

干杯!

1 个答案:

答案 0 :(得分:0)

好的,我不会解决通过不安全连接在查询字符串中发送密码的错误想法。这是你应该与运行该API的第三方讨论的事情。

现在为什么你的RewriteRules可能无法正常工作。

根据Apache变量documentationMIDDLEWARE = [ 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', "account.middleware.LocaleMiddleware", "account.middleware.TimezoneMiddleware", ] 涵盖完整的请求行,而不仅仅是请求URI或查询字符串:

  

%{THE_REQUEST} |完整的请求行(例如THE_REQUEST

您可能希望使用"GET /index.html HTTP/1.1"%{REQUEST_URI}来捕获这些报告。所以你的规则看起来像是:

%{QUERY_STRING}

或者如果您想使用# force https:// for all except some selected URLs RewriteCond %{HTTPS} off RewriteCond %{QUERY_STRING} !^option=com_acysms&ctrl=deliveryreport&gateway=telerivet&pass=.+$ [NC] RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # force http:// for selected URLs RewriteCond %{HTTPS} on RewriteCond %{QUERY_STRING} ^option=com_acysms&ctrl=deliveryreport&gateway=telerivet&pass=.+$ [NC] RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] ,它们将如下所示:

${THE_REQUEST}

由于空格,请求在引号中,但您可以使用# force https:// for all except some selected URLs RewriteCond %{HTTPS} off RewriteCond %{THE_REQUEST} "^POST /index\.php\?option=com_acysms&ctrl=deliveryreport&gateway=telerivet&pass=.+ HTTP/1\.1$" [NC] RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # force http:// for selected URLs RewriteCond %{HTTPS} on RewriteCond %{THE_REQUEST} "^POST /index\.php\?option=com_acysms&ctrl=deliveryreport&gateway=telerivet&pass=.+ HTTP/1\.1$" [NC] RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] 转义它们。这也假定请求是使用HTTP 1.1和POST方法进行的。

相关问题
最新问题